Tim White

Qualys Cloud Suite 8.6 API Release Notification 2

Blog Post created by Tim White on Oct 19, 2015

A new release of Qualys Cloud Suite, Version 8.6, includes an API update which is targeted for release in November 2015.


This API notification provides an early preview into the upcoming API features and enhancements in Qualys Cloud Suite 8.6, allowing you to proactively identify new opportunities to automate your Qualys service or to integrate with other applications.


This 15-day notification describes new API features that do not impact existing API implementations. API changes in the 8.6 release that may impact existing API implementations were already announced in the 30-day notification: Qualys Cloud Suite 8.6 API Release Notification


Full release notes will be available to customers on the day of the release.


Qualys API Enhancements


Select Scanner Appliances using Asset Tags


The Scan API v2 (/api/2.0/fo/scan/) has been updated to support the selection of a scanner appliance via tags.  The parameter “scanners_in_tagset” can be used when launching or scheduling a scan using tags via the API.  The Appliance API v2 (/api/2.0/fo/appliance/) parameter "output_mode" can be used to list the asset tags for each scanner.

For more details on the new feature, please review <Qualys Cloud Suite 8.6 New Features blog entry>.


Appliance List Output - Running Slices Count


We’ve updated the Appliance API v2 (/api/2.0/fo/appliance/) appliance list output to tell you if an appliance is available or busy.  You'll see the new RUNNING_SLICES_COUNT element in the output, a 0 value indicates the appliance is not busy and available.


User List Output - Timezone Code


The User List v1 API (/msp/user_list.php) user list output now includes the timezone code selected for each user - either the browser’s timezone (Auto) or a user-selected timezone (e.g., US-NY).


Scan List Output - Target No Longer Truncated


We will now show the full list of target IPs in the output when you make a scan list request. In previous releases, we would truncate the target list after a set number of

characters and show [...] to indicate that it was truncated.


VM - Download the KnowledgeBase to CSV, XML


You can download the KnowledgeBase in the same way you download other data lists from the UI. Simply choose Download from the New menu when you’re on the KnowledgeBase tab. Then select a file format (CSV or XML). Only the records and columns shown in the UI will be included in the downloaded report.


VM - View multiple Oracle instances on a port


You’ll see scanned Oracle instances listed separately in scan results, scan reports, host detection results and ticket list output. Note you’ll need to create a separate Oracle authentication record for each of the instances you want to scan.

There are no changes made to API calls or DTDs.


VM - Create static search lists


Our new Static Search List API (/api/2.0/fo/qid/search_list/static/) lets you create, update, list, and delete static search lists and get detailed information about them.


VM - Create dynamic search lists


Our new Dynamic Search List API (/api/2.0/fo/qid/search_list/dynamic/) lets you create, update, list, and delete dynamic search lists and get detailed information about them.


VM - Vendor IDs and references PC


Our new Vendor API (/api/2.0/fo/vendor/) lists vendor IDs and names. This vendor information may be defined as part of dynamic search list query criteria.


VM - Display Host Identification Information in Scan Reports


When you have cloud agents they’re collecting additional host information. Now you can include more host identification information in your scan reports like IP addresses (IPv4 and IPv6) and the asset ID for each host. This option is available for scan reports in all formats, including XML. The Asset Data Report DTD has been updated. (This information is only available when VM agents are licensed in your account.)


PC - Display reference information in reports

With this release you can view the Reference information for controls in Policy Compliance and Compliance Interactive reports. We’ve updated DTDs for Individual Host Compliance Report (individual_host_compliance_report.dtd) and Control Pass/Fail Report (control_pass_fail_report.dtd).